Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes - page 4.

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

Optional avoid servers list for ExcludeNodes :

Tor servers run by educational institutions and academic establishments :

.edu domains:

USA :

aftbit,18.228.0.188
alexryantorrelay,131.215.172.23
balerion,128.12.226.56
beezwaks,128.175.170.150
berrycup,18.82.3.196
BlackIce,128.173.14.108
BostonUCompSci,204.8.156.142
caslab,130.132.177.126
casttor,130.184.75.118
celeborn,128.12.226.82
cmutornode,128.2.142.104
csailmitexit,128.52.128.105
csailmitnoexit,128.52.160.20
EecsUmichExit,EecsUmichExit1,141.212.108.13
epitaphtwo,128.12.177.59
Firebird79,212.41.3.148
GEO,128.117.43.92
GEO2b,192.43.244.42
hwds,18.82.3.136
ibben,128.12.226.56
ibibUNC0,204.85.191.30
Jalapiano,146.151.127.200
KUITTC2,129.237.123.57
moria1,128.31.0.34 - N.B. Long standing Tor Authority Server - hosted by MIT.
moriatoo,128.31.0.34
NewCourier,128.210.3.225
omfglolwtfbbq1337,138.110.45.38
Onions,18.238.2.85
pook0oow,195.154.5.123
raspberrytea,18.82.3.205
sipbtor,18.187.1.68
strangefoot2,131.215.30.92
sunriseInOuterSpace,129.64.8.147
tanet,18.125.1.222
UFPOatWSU00,134.121.67.106
UFPOatWSU01,134.121.67.105
umntor,146.57.249.104
UncleEnzo,18.238.1.85
ungoliant,128.12.226.82
128.237.157.114
UtahState0,UtahState1,129.123.7.39
UtahState2,UtahState3,129.123.7.8
UtahStateExit,UtahStateExit2,129.123.7.6
UWashingtonCSE,128.208.2.233
VERITAS,18.181.5.37
vtcsec,128.173.55.11
vtluug,128.173.89.245
WesCSTor,129.133.8.31
Whirlpool,64.254.175.3
yjmTorServT,139.78.141.247
zzzrouteruiuc,130.126.142.171

Code:

aftbit,18.228.0.188,alexryantorrelay,131.215.172.23,balerion,128.12.226.56,beezwaks,128.175.170.150,berrycup,18.82.3.196,BlackIce,128.173.14.108,BostonUCompSci,204.8.156.142,caslab,130.132.177.126,casttor,130.184.75.118,celeborn,128.12.226.82,cmutornode,128.2.142.104,csailmitexit,128.52.128.105,csailmitnoexit,128.52.160.20,EecsUmichExit,EecsUmichExit1,141.212.108.13,epitaphtwo,128.12.177.59,Firebird79,212.41.3.148,GEO,128.117.43.92,GEO2b,192.43.244.42,hwds,18.82.3.136,ibben,128.12.226.56,ibibUNC0,204.85.191.30,Jalapiano,146.151.127.200,KUITTC2,129.237.123.57,moria1,128.31.0.34,moriatoo,128.31.0.34,NewCourier,128.210.3.225,omfglolwtfbbq1337,138.110.45.38,Onions,18.238.2.85,pook0oow,195.154.5.123,raspberrytea,18.82.3.205,sipbtor,18.187.1.68,strangefoot2,131.215.30.92,sunriseInOuterSpace,129.64.8.147,tanet,18.125.1.222,UFPOatWSU00,134.121.67.106,UFPOatWSU01,134.121.67.105,umntor,146.57.249.104,UncleEnzo,18.238.1.85,ungoliant,128.12.226.82,128.237.157.114,UtahState0,UtahState1,129.123.7.39,UtahState2,UtahState3,129.123.7.8,UtahStateExit,UtahStateExit2,129.123.7.6,UWashingtonCSE,128.208.2.233,VERITAS,18.181.5.37,vtcsec,128.173.55.11,vtluug,128.173.89.245,WesCSTor,129.133.8.31,Whirlpool,64.254.175.3,yjmTorServT,139.78.141.247,zzzrouteruiuc,130.126.142.171

linglom,140.109.232.105 - TW

Code:

linglom,140.109.232.105

.ac domains:

crunch0r,128.130.204.91 - GB
ephemer3,128.232.18.57 - GB
motmot,137.205.124.35 - GB
T0T0R0,164.15.167.7 - BE
UCLCrypto,192.135.168.251 - BE

Code:

crunch0r,128.130.204.91,ephemer3,128.232.18.57,motmot,137.205.124.35,T0T0R0,164.15.167.7,UCLCrypto,192.135.168.251

.uni- domains in Germany - DE

Avalon,132.230.150.81
cn,134.99.112.168
csUniHB,134.102.200.101
Disco,131.246.19.81
fluxe4,131.188.40.188 - N.B. Node operator runs a Tor Authority Server.
lakedistrict1,134.34.125.68
shaundasschaf,131.188.24.14
theophysicsatunikn,134.34.147.22
unir,139.30.239.23
131.188.156.63
141.54.159.184
139.18.25.35
UnseenAcademicals,134.106.3.254
WohnheimE,134.96.65.17

Code:

Avalon,132.230.150.81,cn,134.99.112.168,csUniHB,134.102.200.101,Disco,131.246.19.81,fluxe4,131.188.40.188,lakedistrict1,134.34.125.68,shaundasschaf,131.188.24.14,theophysicsatunikn,134.34.147.22,unir,139.30.239.23,131.188.156.63,141.54.159.184,139.18.25.35,UnseenAcademicals,134.106.3.254,WohnheimE,134.96.65.17

Swedish University Networks:

sunet .se :

Kiruna,193.11.164.242
Lule,193.11.164.243
salsa,130.242.60.20

Code:

Kiruna,193.11.164.242,Lule,193.11.164.243,salsa,130.242.60.20

mdfnet .se :

mdfnet1,193.11.114.43
mdfnet2,193.11.114.45
mdfnet3,193.11.114.46
mdfnet4,193.11.114.47
WolfExit,193.11.129.250

Code:

mdfnet1,193.11.114.43,mdfnet2,193.11.114.45,mdfnet3,193.11.114.46,mdfnet4,193.11.114.47,WolfExit,193.11.129.250

nordu .net :

ndnr1,109.105.109.162

Code:

ndnr1,109.105.109.162

...

Including these avoid lists in your ExcludeNodes does not prevent access to educational resources or to any Tor hidden_services (such as resource libraries, which may or may not be hosted on such networks) and simply prevents your Tor client from building circuits to these nodes.

As a private individual using the Tor network - there are perhaps many reasons as to why you would not want to make any connections to educational, university and/or academic institutions.

Moreover, the above Tor Relays and Exit nodes are very likely to have access by a large number of individuals i.e. lecturers, students, janitors etc. They are also very likely to be used in research projects, academic studies and for the collection of metrics etc. All of these factors are perhaps not conducive to preserving the individual privacy of regular Tor network users.

Also see: http://youtu.be/CJNxbpbHA-I?t=10m37s - The Tor Network [30c3] - from 10:37

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

Optional avoid servers list for ExcludeNodes :

PlanetLab Tor servers: https://www.planet-lab.org/

tingPLacil2,212.199.61.205 - IL
tingPLkoszalin2,62.108.171.76 - PL
tingPLmonash1,130.194.252.8 - AU
tingPLrnp1,200.129.132.18 - BR
tingPLupc2,147.83.30.167 - ES

Code:

tingPLacil2,212.199.61.205,tingPLkoszalin2,62.108.171.76,tingPLmonash1,130.194.252.8,tingPLrnp1,200.129.132.18,tingPLupc2,147.83.30.167

US PlanetLab Tor servers:

tingBPw,tingBPz,128.8.126.92 - US
tingPLcmu3,128.2.211.115 - US
tingPLdu2,130.253.21.123 - US
tingPLharvardleft,140.247.60.123 - US
tingPLnyit2,108.58.13.206 - US
tingPLtamu3,165.91.55.10 - US
tingPLucsb3,128.111.52.63 - US
tingPLwisc3,198.133.224.147 - US

Code:

tingBPw,tingBPz,128.8.126.92,tingPLcmu3,128.2.211.115,tingPLdu2,130.253.21.123,tingPLharvardleft,140.247.60.123,tingPLnyit2,108.58.13.206,tingPLtamu3,165.91.55.10,tingPLucsb3,128.111.52.63,tingPLwisc3,198.133.224.147

All of the above are currently Tor Entry servers (non-Exit). They have all been running for 55 days approx. (at the time of writing this post), so were started / installed at the same time. They are all utilizing almost 0 bandwidth availability. They are all running Tor 0.2.4.22 (as are many Tor servers) - which is known to have a security vulnerability.

Thanks!

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

All four 'xeronet' example TBB config's have been revised and updated.

1. Original - xeronet Torrc - v3.6.3 - 'Anti-FiveEyes' - https://bitcointalksearch.org/topic/m.3551345

2. xeronet Torrc - v3.6.3c (a) - combined censorship resistant version - includes some US and CA Exit servers - probably faster than the above torrc.

See: https://bitcointalksearch.org/topic/m.4570984

3. xeronet Torrc - v3.6.3f - 'fastest' version - includes 'Five-Eyes' Exit and Entry Servers.

See: https://bitcointalksearch.org/topic/m.4959371

4. Bitcoin (crypto currency example torrc) with the addition of port number 8333 added to LongLivedPorts etc. and including avoid nodes with safer P2P connectivity.

See: https://bitcointalksearch.org/topic/m.6677546

- If your downloading a fresh Tor Browser Bundle v3.6.3 which is strongly advised for a recent bug fix then you must bootstrap fully to the Tor network at least once before importing (copying) any one of the example config's into your torrc. Otherwise you will probably experience connectivity issues. So, use the blank 'default' torrc once until your see the Firefox TBB window and then shutdown to add / test the conf (torrc).

Various updates have been made to the example config's including:

- the removal of retired (previously recommended) servers.

- the addition of some new fast servers from highly 'privacy focused' organizations.

- updates to the avoid list of known 'bad' exit nodes.

- added UseNTorHandshake 1 (see above post) and the Tor manual ofc.

- removed Western Sahara - {eh} from the avoid countries list as it is not currently assigned in GeoIP and Tor can't read it.

- https://calyxinstitute.org seems to have moved its server's / IP's back to the US from NL (except for their Tor mail server IP, guess that is harder to move!?)

...

Again, these are all just example configs to help empower all Tor users. Everyone should learn to edittheconfig !

...

Additional tips for safe browsing:

Install Adblock Edge (now recommended over Adblock plus) and disable JavaScript !!!

See howto: https://bitcointalksearch.org/topic/m.4410668

Cheers!

- Next updates to include optional avoid lists for Tor servers known to be run by educational establishments and/or institutions known to be collecting Tor 'metrics' or doing 'research'. Such factors are perhaps not ideal for ensuring individual privacy online.

For example, it can be noted that the PlanetLab - See: https://wikipedia.org/wiki/PlanetLab has recently started running a bunch of Tor servers, along side their 'transparent' proxies in multiple .edu facilities in various countries around the erm... globe. Cheesy

- http://torstatus.blutmagie.de/

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

An example torrc config. for Darkcoin / Bitcoin published on one of my websites. UPDATED 18th March 2015

https://wikipedia.org/wiki/Legality_of_bitcoin_by_country

Also add Iceland and Estonia to ExcludeNodes ?

Code:

{ee},{is}

This is also a suitable config. for Bitcoin with the addition of port number 8333 added to LongLivedPorts .

Code:

ClientOnly 1

EnforceDistinctSubnets 0

ExcludeSingleHopRelays 0

ExcludeNodes {af},{dz},{ao},{am},{az},{bh},{by},{bj},{bn},{mm},{bf},{bi},{kh},{cm},{cf},{td},{cn},{co},{km},{cd},{ci},{cu},{dj},{eg},{gq},{er},{et},{ga},{gm},{ge},{gn},{hn},{hk},{in},{id},{ir},{iq},{jo},{kz},{kw},{kg},{la},{ly},{mo},{mg},{my},{mr},{yt},{mx},{md},{ma},{ng},{ne},{kp},{om},{pk},{ps},{qa},{ru},{rw},{sa},{sn},{sl},{sg},{so},{kr},{lk},{sd},{sz},{sy},{tw},{tj},{th},{tg},{tn},{tr},{tm},{ua},{ae},{uz},{ve},{vn},{ye},{zw},{gb},{ie},{je},{gg},{im},{ai},{bm},{aq},{io},{vg},{ky},{fk},{gi},{ms},{sh},{gs},{tc},{us},{mp},{pr},{vi},{as},{ht},{fm},{gu},{gl},{ca},{au},{cc},{nf},{nz},{tk},{ck},{nu},{cy},{al},{ar},{bt},{bo},{cg},{ec},{fj},{gt},{gw},{ht},{il},{ke},{lb},{ls},{lr},{mk},{mw},{mv},{np},{ni},{py},{sc},{ug},{zm},{ee},{is},{??}

ExcludeExitNodes {ag},{bb},{bz},{bw},{bg},{dm},{gh},{gd},{gy},{jm},{ki},{mu},{me},{na},{nr},{pg},{kn},{lc},{vc},{ws},{sb},{so},{sr},{tz},{to},{tt},{tv},{be},{fi},{dk},{it},{??}

LongLivedPorts 21, 22, 80, 443, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300, 9001, 9030, 9999, 8333

We do not need to specify any Entry or Exit nodes directly (as in our example browsing configs. in the OP) as not doing so provides improved overall server and port availability. Unnamed and default servers are also better allowed for this reason.

...

See: https://www.torproject.org/docs/tor-manual.html

If you would prefer increased speed, although with reduced anonymity you can include:

Code:

 AllowSingleHopCircuits 1

in your torrc.

"AllowSingleHopCircuits 0|1

When this option is set, the attached Tor controller can use relays that have the AllowSingleHopExits option turned on to build one-hop Tor connections. (Default: 0)"

...

I'd recommend all Bitcoin users, Tor users and crypto-currency / privacy enthusiasts to please support ' Reset the Net ' by June 5th, 2014

See: https://www.resetthenet.org

Forum topic: https://bitcointalksearch.org/topic/reset-the-net-june-5th-2014-httpswwwresetthenetorg-573931

Watch: http://youtu.be/qKk8MHFLNNE

Follow: https://twitter.com/resetthenet - @resetthenet #ResetTheNet

Thunderclap.it: https://www.thunderclap.it/projects/10619-reset-the-net/

...

Configs. on the 1st page are working great with TBB v3.6.1 upwards.

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

Quote from: Spendulus on May 07, 2014, 07:10:51 PM

Thank you for this thread, it is quite informative.

You're welcome. Good to know that it is useful.

Quote from: SailAway on May 09, 2014, 05:36:25 PM

Quote from: BitcoinFX on May 07, 2014, 08:44:38 AM

It seems that GeoIP in TBB 3.6 is mis-configured to be located in a sytem folder in windows 7, for example.

"[WARN] Failed to open GEOIP file C:\Users\USERNAME\AppData\Roaming\tor\geoip6. We've been configured to use (or avoid) nodes in certain countries, and we need GEOIP information to figure out which ones they are.

The following torrc setting is ignored:

GeoIPFile C:\Users\USERNAME\Desktop\Tor Browser\Data\Tor\geoip

GeoIP works just fine for regular IP(v4) addresses. The warning refers to another missing/misplaced GeoIP6 file only for IPv6.

For now, you can just download that file directly into the appropriate folder from https://gitweb.torproject.org/tor.git/blob_plain/HEAD:/src/config/geoip6

The correct torrc directive to set the GeoIPv6 file location is GeoIPv6File, not GeoIPFile.

Appreciate and eagerly await an update of your recommended settings!

Indeed.

This issue (and a few others) seem to of been fixed by the Tor project developers in the v3.6.1 release of the TBB.

Updates to follow. Thanks!

SailAway

newbie

Activity: 1

Merit: 0

Quote from: BitcoinFX on May 07, 2014, 08:44:38 AM

It seems that GeoIP in TBB 3.6 is mis-configured to be located in a sytem folder in windows 7, for example.

"[WARN] Failed to open GEOIP file C:\Users\USERNAME\AppData\Roaming\tor\geoip6. We've been configured to use (or avoid) nodes in certain countries, and we need GEOIP information to figure out which ones they are.

The following torrc setting is ignored:

GeoIPFile C:\Users\USERNAME\Desktop\Tor Browser\Data\Tor\geoip

GeoIP works just fine for regular IP(v4) addresses. The warning refers to another missing/misplaced GeoIP6 file only for IPv6.

For now, you can just download that file directly into the appropriate folder from https://gitweb.torproject.org/tor.git/blob_plain/HEAD:/src/config/geoip6

The correct torrc directive to set the GeoIPv6 file location is GeoIPv6File, not GeoIPFile.

Appreciate and eagerly await an update of your recommended settings!

Spendulus

legendary

Activity: 2926

Merit: 1386

Thank you for this thread, it is quite informative.

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

~~Lots of bugs in new TBB release 3.6~~... EDIT: fixed by the Tor project developers in the v3.6.1 release of the TBB.

It seems that GeoIP in TBB 3.6 is mis-configured to be located in a sytem folder in windows 7, for example.

"[WARN] Failed to open GEOIP file C:\Users\USERNAME\AppData\Roaming\tor\geoip6. We've been configured to use (or avoid) nodes in certain countries, and we need GEOIP information to figure out which ones they are.

The following torrc setting is ignored:

GeoIPFile C:\Users\USERNAME\Desktop\Tor Browser\Data\Tor\geoip

Check "Copy Tor Log to Clipboard" for additional errors when starting TBB.

Configs. I've posted still work if you exclude GeoIP country settings for ExcludeNodes and ExcludeExitNodes.

Can't really post updated configs. until its 'fixed'. Sent several bug reports.

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

Quote from: Schleicher on April 23, 2014, 11:08:13 AM

It would also help if we could change the User Agent string to the most common one.

Good suggestion to be put to the folks at the Tor Project.

There are some existing addons for Firefox to change User Agent string, although not currently to the most common ones.

Schleicher

hero member

Activity: 675

Merit: 514

It would also help if we could change the User Agent string to the most common one.

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

Quote from: Spendulus on April 22, 2014, 07:23:25 PM

Just delete some of the system fonts?

Certainly an option. Although quite impractical perhaps.

The best solution is to fully disable Java Script in Firefox (TBB).

See: https://bitcointalksearch.org/topic/m.4410668

I just ran a new test at https://panopticlick.eff.org/ using the latest Tor Browser Bundle with Java Script fully disabled and the ID score was below 10.

Java Script is required for the following identifiers; Browser Plugin Details, Time Zone, Screen Size and Color Depth, System Fonts and the Limited supercookie test. With Java Script completely disabled all of these tests will show 'no javascript', which will be the same for all visited websites i.e. a massive privacy boost!

Spendulus

legendary

Activity: 2926

Merit: 1386

Quote from: AndrewWilliams on November 13, 2013, 02:13:05 PM

You do not have to pay for JonDoBrowser.

Yes it's based on Tor.

I am still pretty concerned about browser fingerprinting.

There's no use to Tor if your browser can be ID'ed as unique...

If your browser can pass "the test" by giving less than 21 unique identifying pieces of info, I'll try it.
er that addresses the issue of browser fingerprinting.

Just delete some of the system fonts?

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

All of the example Torrc configs. for the Tor Browser Bundle have been updated.

Countries deemed to have 'high' or 'extreme' levels of human rights abuse issues have now been added to our ExcludeNodes .

Source: https://maplecroft.com/themes/hr/ - Maplecroft Global Analytics - Human Rights Risk Atlas 2014

See: http://maplecroft.com/portfolio/new-analysis/2013/12/04/70-increase-countries-identified-extreme-risk-human-rights-2008-bhuman-rights-risk-atlas-2014b/

Countries being classed as 'Authoritarian Regimes' and/or countries with existing trade and/or arms Embargoes have also been restricted in our ExcludeNodes .

See: https://wikipedia.org/wiki/Authoritarianism and https://wikipedia.org/wiki/Embargo

was last UPDATED: 22nd Apr. 2014 and is still current.

Again, using these lists does not block Tor users in these countries, but instead can actually help in preventing internet censorship for Tor users both inside and outside of these countries. Tor Browser Bundle users using these lists also helps to protect any Tor Relay operators located within these countries.

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

Quote from: newtypeseed on March 26, 2014, 03:00:24 AM

Quote from: BitcoinFX on March 23, 2014, 02:00:19 PM

All four example Tor configs. have been updated.

Optimized Bitcoin and Darkcoin config. examples to follow towards the end of next week.

If anyone has a working list of Bitcoin enabled .onion addresses then please do forward me a PM.

Thanks!

we can together to make something better

Yes indeed! That's the spirit. If you want to make any recommendations please do so.

All four variation example configs on the first page of this thread have been updated to include some of the revised lists from the above research. Everyone can still edit the configs for their own requirements and hopefully have a faster, safer Tor Browsing experience.

I'm still testing some configs for Bitcoin and Darkcoin etc. One of the main additions is obviously to add the coins port(s) to LongLivedPorts in the torrc config. Luckily most Tor Exit relays (even those using a reduced exit policy) still open ports 8332-8333 for Bitcoin and even 9999 for Darkcoin.

See: https://blog.torproject.org/running-exit-node and https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

newtypeseed

newbie

Activity: 56

Merit: 0

Quote from: BitcoinFX on March 23, 2014, 02:00:19 PM

All four example Tor configs. have been updated.

Optimized Bitcoin and Darkcoin config. examples to follow towards the end of next week.

If anyone has a working list of Bitcoin enabled .onion addresses then please do forward me a PM.

Thanks!

we can together to make something better

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

The following list includes countries which undertake extensive, pervasive, substantial and selective censorship or filtering of internet content.

Censorship within these countries is often related to pornographic material (which might be considered to be legal in other countries), gambling and/or alcohol related websites might also be illegal or prohibited in these countries. Censorship can also include the restriction and/or filtering of social media websites, news sites and other content deemed to be politically inappropriate or objectionable within a regime. Example:

The purpose of this 'block' list is not to prevent Tor users in these countries from accessing the Tor network and it is presented to be beneficial for all Tor users in resisting censorsip.

For example, someone running a temporary Tor Exit node in a Middle Eastern country (trying to use Tor to access the free and open internet and help their fellow citizens), does not really want a Tor user in a Western country trying to access banned content from their ISP. The user probably won't get to the requested 'blocked' content anyway and the Exit node operator could get into trouble with their ISP or local authorities.

Tor has some measures in place to prevent these types of scenarios, but again these lists are probably useful for the majority of Tor users.

"Censorship is the suppression of speech or other public communication which may be considered objectionable, harmful, sensitive, politically incorrect or inconvenient as determined by a government, media outlet or other controlling body."

See: https://wikipedia.org/wiki/Internet_censorship_by_country and https://wikipedia.org/wiki/Censorship_by_country

Recommended Internet Censorship prevention list for ExcludeExitNodes - See: https://www.torproject.org/docs/tor-manual.html.en

ExcludeExitNodes node,node,…

"A list of identity fingerprints, nicknames, country codes and address patterns of nodes to never use when picking an exit node---that is, a node that delivers traffic for you outside the Tor network. Note that any node listed in ExcludeNodes is automatically considered to be part of this list too. See also the caveats on the "ExitNodes" option below."

This list can be used in ExcludeNodes, however allowing these nodes as Entry and Middle nodes in the Tor network provides a much more diverse possibility of circuits, whilst still helping to protect all Tor users against censorship.

N.B. That this list is designed to be used in addition to the "Enemies of the Internet" and "Countries Under Surveillance" lists and duplicate listings have been omitted.

This list does not block Tor users in these countries, but instead actually helps in preventing internet censorship for Tor users both inside and outside of these countries. Tor Browser Bundle users adding these lists also helps to protect any Tor Relay operators within these countries.

Afghanistan
Albania
Algeria
Angola
Armenia
Azerbaijan
Bangladesh
Benin
Bhutan
Bosnia-Herzegovina
Brunei
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Central African Republic
Chad
Colombia
Comoros
Congo, Democratic Republic of the
Congo, Republic of the
Cyprus
Djibouti
Ethiopia
Equatorial Guinea
Gabon
Gambia
Georgia
Ghana
Guinea
Guinea Bissau
Honduras
Indonesia
Iraq
Israel
Ivory Coast
Jordan
Kuwait
Kyrgyzstan
Laos
Lebanon
Liberia
Libya
Macedonia
Madagascar
Malawi
Maldives
Mali
Mauritania
Mauritius
Mayotte
Mongolia
Montenegro
Morocco
Mozambique
Niger
Nigeria
Oman
Pakistan
Palestinian territories (West Bank and Gaza Strip)
Rwanda
Qatar
Senegal
Sierra Leone
Singapore
Somalia
Sudan
Suriname
Swaziland
Tajikistan
Tanzania
Togo
Uganda
Venezuela
~~Western Sahara~~ - {eh} - Removed from config. 12th Aug 2014 - 'disputed territory' and is not currently assigned in GeoIP.
Yemen
Zimbabwe

Code:

{af},{al},{dz},{ao},{am},{az},{bd},{bj},{bt},{ba},{bn},{bg},{bf},{bi},{kh},{cm},{cf},{td},{co},{km},{cd},{cg},{cy},{dj},{et},{gq},{ga},{gm},{ge},{gh},{gn},{gw},{hn},{id},{iq},{il},{ci},{jo},{kw},{kg},{la},{lb},{lr},{ly},{mk},{mg},{mw},{mv},{ml},{mr},{mu},{yt},{mn},{me},{ma},{mz},{ne},{ng},{om},{pk},{ps},{rw},{qa},{sn},{sl},{sg},{so},{sd},{sr},{sz},{tj},{tz},{tg},{ug},{ve},{ye},{zw}

N.B. That this list is designed to be used in addition to the "Enemies of the Internet" and "Countries Under Surveillance" lists and duplicate listings have therefore been omitted.

Again, this list does not block Tor users in these countries, but instead actually helps in preventing internet censorship for Tor users both inside and outside of these countries. Tor Browser Bundle users adding these lists also helps to protect any Tor Relay operators within these countries.

Previously recommended configs will be updated when these settings have been tested with existing settings.

Bitcoin conf. to follow.

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

I decided to make a full review of the recommended ExcludeNodes and to help provide a clearer explanation as to whats going on and what we are all up against with regards to our Right to Privacy on the internet.

The original lists were expanded from the Open Net Initiative - See: https://opennet.net/ and also the aforementioned wiki on Internet Censorship. The situation in regards to a few countries internet policies and practices has changed in recent years.

So, recommended ExcludeNodes as per. https://wikipedia.org/wiki/Internet_censorship_by_country - Reporters Without Borders:

"Enemies of the Internet"... - Node restrictions are included in the 'default' example Tor config. from the OP.

Bahrain
Belarus
Burma (Myanmar)
China including Taiwan and Macau - as ExcludeNodes | Hong Kong - as ExcludeExitNodes - Updated 22nd Apr. 2014
Cuba
Iran
North Korea
Saudi Arabia
Syria
Turkmenistan
Uzbekistan
Vietnam

Code:

{bh},{by},{mm},{cn},{mo},{tw},{cu},{ir},{kp},{sa},{sy},{tm},{uz},{vn}

"Countries Under Surveillance"... - Node restrictions are included in the 'default' example Tor config. from the OP.

~~Australia~~ - already included as a Five-Eyes server in our example configs. - Updated: 29th March. 2014
Egypt
Eritrea
~~France~~ - omitted from the main configs after reviewing redacted legislation. Example lists of Nine-Eyes countries can be added if required. (See below).
India
Kazakhstan
Malaysia
Russia and Ukraine
South Korea
Sri Lanka
Thailand
Tunisia
Turkey
United Arab Emirates

Code:

{eg},{er},{in},{kz},{my},{ru},{ua},{kr},{lk},{th},{tn},{tr},{ae}

Five-Eyes https://wikipedia.org/wiki/Five_Eyes and ECHELON https://en.wikipedia.org/wiki/ECHELON

Five-Eyes (Level 1) - Node restrictions are included in the 'default' example Tor config. from the OP.

Australia
Canada
New Zealand
United Kingdom
United States

Code:

{au},{ca},{nz},{gb},{us}

Nine-Eyes (Level 2) - optional - N.B. massively restricts the number of available Tor servers.

Denmark
France
Netherlands
Norway

Code:

{dk},{fr},{nl},{no}

Fourteen-Eyes (Level 3) - optional - N.B. massively restricts the number of available Tor servers.

Germany
Belgium
Italy
Spain
Sweden

Code:

{de},{be},{it},{es},{se}

Additional (known) Intercept Stations (excluding already listed) - optional - N.B. massively restricts the number of available Tor servers.

Cyprus
Japan
Brazil
Kenya

Code:

{cy},{jp},{br},{ke}

The 'Pirate Browser' (known) .torrent website blocking - Node restrictions are included in the 'default' example Tor config. from the OP.

{dk},{ie},{gb},{be},{it},{cn},{ir},{fi},{no}

Additional to above lists:

Ireland
Finland

Code:

{ie},{fi}

As everyone can imagine blocking all existing Tor nodes in these countries reduces the available number of Tor nodes to build circuits with to a very low number. It is also relatively easy for an adversary to continue to observe traffic between Tor servers even when using these kind of country blocks. However, avoiding certain countries will be beneficial for some Tor users. One of the best options for privacy when using Tor is to set a block in ExcludeNodes for your own country and/or location if it is not already included in your ExcludeNodes list.

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

Quote from: predic on March 23, 2014, 03:32:27 PM

mamma mia, you have to learn about methods of work of secret service.

They infiltrate human rights organizations and privacy organizations, your strategy is wrong from the beginning.

and those who work for secret service surely have money to employ very fast servers. ordinary users who are not working for the gov, they employ slow servers. some of ordinary users can be snitches but many are not, they employ server from their pocket, they don't get funding from the gov or from riches who work for the gov.

solution is in employing thousands of small servers, not choosing the fastest ones. therefore tor network need more users who will donate bandwidth and servers.

by the way, there are 9 eyes, not only 5.
so, 5 eyes + Denmark, Norway, France, Netherlands.

additional material for reading (How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations): https://firstlook.org/theintercept/2014/02/24/jtrig-manipulation/

what they do at internet, they do the same in reality.

Whilst the title of this thread is perhaps sensational this topic is really about demonstrating how Tor can be used in different ways.

The configs that I have posted do make Tor faster for regular internet browsing and are also geared towards improving privacy, anonymity and security for the user, whoever they may be. Remember that this config also attempts to avoid known 'bad' Tor nodes as well.

These configs also take into consideration which Tor servers are the most useful when building fast circuits. The Tor network is actually not very big. The ideal situation is for more Tor users to be running Tor relays ! Join the Tor Network ! - https://www.torproject.org/getinvolved/relays

When using these configs the Tor software will still randomly select servers as the middle node and can also still make connections to all existing Tor servers (when not enforcing StrictNodes 1) These configs simply let the Tor client know what the preferred servers are to attempt to build circuits with.

As I've stated if you don't like an existing setting or you want to try to avoid building certain circuits then you can edit the config to that effect. My aim is to empower Tor users to get the most out of Tor for their intended purpose.

All countries, internet service providers, internet backbone providers are pretty much 'spying' on their citizens or customers and logging internet traffic and/or blocking various websites etc. Almost all Tor circuits will cross most major internet Tier pipelines at some point during your browsing session and being on the busiest routes can actually be beneficial to a users privacy.

Five-Eyes countries: https://wikipedia.org/wiki/Five_Eyes

ECHELON: https://wikipedia.org/wiki/ECHELON

Internet Backbone: https://wikipedia.org/wiki/Internet_backbone

Internet Censorship: https://wikipedia.org/wiki/Internet_censorship

You do make a valid point with regards to perhaps building a config that tries to avoid the major Tor nodes and main routes. It would ofc be much slower by comparison.

...

I in fact run a Tor Relay from my 'home' ISP on a static IP and have done so for a good number of years now.

Lastly, what happens on the internet is not always a reality or real life.

predic

member

Activity: 76

Merit: 10

mamma mia, you have to learn about methods of work of secret service.

They infiltrate human rights organizations and privacy organizations, your strategy is wrong from the beginning.

and those who work for secret service surely have money to employ very fast servers. ordinary users who are not working for the gov, they employ slow servers. some of ordinary users can be snitches but many are not, they employ server from their pocket, they don't get funding from the gov or from riches who work for the gov.

solution is in employing thousands of small servers, not choosing the fastest ones. therefore tor network need more users who will donate bandwidth and servers.

by the way, there are 9 eyes, not only 5.
so, 5 eyes + Denmark, Norway, France, Netherlands.

additional material for reading (How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations): https://firstlook.org/theintercept/2014/02/24/jtrig-manipulation/

what they do at internet, they do the same in reality.

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

All ~~four~~ three example Tor configs. have been updated.

Optimized Bitcoin and Darkcoin config. examples to follow towards the end of next week.

If anyone has a working list of Bitcoin enabled .onion addresses then please do forward me a PM.

Thanks!

Topic: Advanced Tor Browser Bundle config. - Anti-Spying - Anti-ECHELON - Anti-FiveEyes - page 4. (Read 51561 times)